From 9425e16437439e68c7d96abef922167d68fafaff Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Sat, 27 Jun 2015 17:56:01 -0400
Subject: [PATCH] Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for
 reporting. Squaring to satisfy Jacobi requirements suggested by JPM.

---
 rw.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/rw.cpp b/rw.cpp
index cdd9f2d..0b9318b 100644
--- a/rw.cpp
+++ b/rw.cpp
@@ -126,10 +126,16 @@ Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const
 	DoQuickSanityCheck();
 	ModularArithmetic modn(m_n);
 	Integer r, rInv;
-	do {	// do this in a loop for people using small numbers for testing
+
+	// do this in a loop for people using small numbers for testing
+	do {
 		r.Randomize(rng, Integer::One(), m_n - Integer::One());
+		// Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for reporting.
+		// Squaring to satisfy Jacobi requirements suggested by JPM.
+		r = modn.Square(r);
 		rInv = modn.MultiplicativeInverse(r);
 	} while (rInv.IsZero());
+
 	Integer re = modn.Square(r);
 	re = modn.Multiply(re, x);			// blind
 

